FreeRADIUS and OpenSSL Linkage

John Dennis jdennis at
Fri Jan 9 18:34:11 CET 2009

Peter Nixon wrote:
> Sounds fine to me. Maybe we should also in future invesitgate using axtls in 
> place of openssl. Not only is it an order of magnitude smaller which is 
> great for embedded systems, it is also BSD licensed.
FWIW in Fedora we're trying to consolodate all of the crypto usage in 
our distribution so that it uses NSS (Network Security Services), We're doing this by 
incrementally porting applications using OpenSSL or GNU TLS to NSS. 
We're doing this for a few reasons, to reduce the attack surface by 
having only a single crypto library which is well vetted, because NSS is 
FIPS-140 certified (a government requirement), because NSS has a lot 
more features (e.g. smart cards, integration with an entire PKI 
ecosystem (e.g. the open source certificate management system DogTag,, and to eliminate the 
obnoxious licensing issues with OpenSSL).

FreeRADIUS is on our list of applications to be ported to NSS. At the 
moment the only thing holding that back is the lack of time (I'm the 
mostly likely person to perform the port and I don't have any space 
cycles at the moment). If anybody else has some extra cycles to help 
port FreeRADIUS to NSS please let me know, your help would be greatly 

Alan has told me in the past he is in favor of having a NSS port.

John Dennis <jdennis at>

More information about the Freeradius-Devel mailing list